AMENDMENTS TO THE CLAIMS 



Claims Pending: 

• At time of the Action: Claims 1-4, 6-8, 10-36, and 38-48 

• Amended Claims: Claims 1, 20, and 38 

• After this Response: Claims 1-4, 6-8, 10-36, and 38-48 

The following listing of claims replaces all prior versions and listings of claims in the 
application. 

1. (Currently Amended) A method of processing multiple types of 
security schemes, comprising: 

receiving a message having a first token and a second token, wherein the first token 
is in a first format and the second token is in a second format that is [[are]] different from 
[[each other,]] the first format, while associated with a same subject; 

extracting claims from one or more different types of security tokens corresponding 
to multiple security schemes, wherein a claim is a statement about a security token's subject 
that allows security schemes to be based on extracted claims; 

authenticating the first token by extracting a first claim from the first token and 
authenticating the second token by extracting a second claim from the second token, 
wherein the first and second claims comprise different statements about the subject; 

grouping the first and second claims into a claim collection by selectively mapping 
the first claim and the second claim to other claims; [[and]] 

determining a resource being accessed by extracting or obtaining resource identifiers 
from a message at run-time or examining a static configuration of a service; 

authorizing access to [[a]] the resource referred to in the message based at least in part 
on the first and second claims [[.]] ; and 

supporting multiple security schemes for the method. 

2. (Original) The method of claim 1, further comprising obtaining another 
claim from the token. 

3. (Original) The method of claim 1, further comprising rejecting the 
message as a function of the first claim. 

4. (Original) The method of claim 1, further comprising rejecting the 
message as a function of the second claim. 

5. (Cancelled) 

6. (Original) The method of claim 1, further comprising obtaining a 
resource identifier from the message. 

7. (Original) The method of claim 6, wherein obtaining the resource from 
the message comprises applying an XPath expression. 

8. (Original) The method of claim 6, wherein the resource identifier 
comprises a property of the message. 

9. (Cancelled) 

10. (Previously Presented) The method of claim 6, wherein the resource 
identifier comprises a property of the computing system's runtime environment. 

11. (Previously Presented) The method of claim 6, wherein a resource 
corresponding to the resource identifier is stored by the computing system. 

12. (Original) The method of claim 1, further comprising sending a return 
message to a sender of the message, wherein the return message includes information 
regarding the second claim. 

13. (Original) The method of claim 12, wherein the information regarding 
the second claim comprises the second claim. 

14. (Original) The method of claim 1, further comprising obtaining a third 
claim from the first claim. 

15. (Original) The method of claim 1, further comprising obtaining a third 
claim from the second claim. 

16. (Original) The method of claim 1, further comprising selectively 
rejecting the first claim. 

17. (Original) The method of claim 1, wherein the token is received out-of- 
band from the message. 

18. (Previously Presented) The method of claim 1, further comprising 
sending the message, the first token and the second token to another entity, wherein the 
second token includes information related to the second claim. 

19. (Cancelled) 

20. (Currently Amended) A system configured to process multiple types 
of security schemes, the system comprising: 

one or more computer processors; and 

one or more computer readable storage media, executable by the one or more 
computer processors, to store: 

a first module to extract claims from one or more different types of security 
tokens corresponding to multiple security schemes, wherein a claim is a statement 
about a security token's subject that allows security schemes to be based on the 
extracted claims; 

[[a]] the first module to extract a first claim from a first token and a second 
claim from a second token associated with a message, wherein the message has an 
associated subject and the first claim and the second claim comprise different 
statements related to the subject; and 

a second module to selectively map the first claim and the second claim to 
other claims [[.]] ; 

the second module to determine a resource being accessed by extracting or 
obtaining resource identifiers from a message at run-time; and 

the second module to authorize access to the resource referred to in the 
message based at least in part on the first and second claims. 

21. (Original) The system of claim 20 further comprising a third module to 
determine as a function of the first claim whether the message is to be rejected. 

22. (Original) The system of claim 20, further comprising a third module to 
determine as a function of the second claim whether the message is to be rejected. 

23. (Original) The system of claim 20, further comprising a module to form 
a claim collection that includes the first and second claims. 

24. (Original) The system of claim 20, further comprising a module to 
selectively obtain a resource identifier from the message. 

25. (Original) The system of claim 24, wherein the module to obtain the 
resource identifier from the message is to selectively apply an XPath expression to obtain 
the resource identifier. 

26. (Original) The system of claim 24, wherein the resource identifier 
comprises a property of the message. 

27. (Original) The system of claim 20, further comprising a module to 
selectively obtain a resource identifier from a computing system in which the first and 
second modules reside. 

28. (Original) The system of claim 27, wherein the resource identifier 
comprises a property of the computing system's runtime environment. 

29. (Original) The method of claim 27, wherein a resource corresponding to 
the resource identifier is stored by the computing system. 

30. (Original) The system of claim 20, further comprising a module to 
selectively send a return message to a sender of the message, wherein the return message 
includes information regarding the second claim. 

31. (Original) The system of claim 30, wherein the information regarding the 
second claim comprises the second claim. 

32. (Original) The system of claim 20, wherein the second module is to 
selectively obtain a third claim from the first claim. 

33. (Original) The system of claim 20, wherein the second module is to 
selectively obtain a third claim from the second claim. 



34. (Original) The system of claim 20, wherein the second module is to 
selectively reject the first claim. 

35. (Original) The system of claim 20, wherein the first module is to receive 
the token out-of-band from the message. 

36. (Previously Presented) The system of claim 20, further comprising a 
module to send the message, the first token and the second token to another entity, wherein 
the second token includes information related to the second claim. 

37. (Cancelled) 

38. (Currently Amended) A computer-readable storage medium storing 
computer-executable instructions that, executed by a processor, performs acts comprising: 

receiving a message having a first token and a second token, wherein the first token 
is in a first format and the second token is in a second format that is [[are]] different from 
[[each other,]] the first format, but associated with a same subject; 

extracting claims from one or more different types of security tokens corresponding 
to multiple security schemes, wherein a claim is a statement about a security token's subject 
that allows security schemes to be based on the extracted claims; 

obtaining a first claim from the first token and a second claim from the second token, 
wherein the first and second claims comprise different statements about the subject; and 

selectively mapping the first claim and the second claim to other claims [[.]] and 

authorizing access to a resource referred to in the message based at least in part on 
the first and second claims. 

39. (Previously Presented) The computer-readable storage medium of 
claim 38, further comprising rejecting the message as a function of the first claim. 

40. (Previously Presented) The computer-readable storage medium of 
claim 38, further comprising rejecting the message as a function of the second claim. 

41. (Previously Presented) The computer-readable storage medium of 
claim 38, further comprising obtaining a resource identifier from the message. 

42. (Previously Presented) The computer-readable storage medium of 
claim 38, further comprising obtaining a resource from a computing system reading the 
machine-readable medium. 

43. (Previously Presented) The computer-readable storage medium of 
claim 38, further comprising sending a return message to a sender of the message, wherein 
the return message includes information regarding the second claim. 

44. (Previously Presented) The computer-readable storage medium of 
claim 38, further comprising obtaining a third claim from the first claim. 

45. (Previously Presented) The computer-readable storage medium of 
claim 44, further comprising rejecting the message as a function of the third claim. 

46. (Previously Presented) The computer-readable storage medium of 
claim 38, further comprising obtaining a third claim from the second claim. 

47. (Previously Presented) The computer-readable storage medium of 
claim 38, further comprising selectively rejecting the first claim. 

48. (Previously Presented) The computer-readable storage medium of 
claim 38, further comprising sending the message, the first token and the second token to 
another entity, wherein the second token includes information related to the second claim. 